FROM python:3.11-slim

WORKDIR /app

# 添加非root用户
RUN groupadd -r appuser && useradd -r -g appuser appuser

# 更新系统并安装必要的工具和依赖
RUN apt-get update && apt-get install -y \
    libssl-dev \
    libffi-dev \
    gcc \
    wget && \
    pip install --upgrade pip wheel -i https://mirrors.aliyun.com/pypi/simple/

# 复制 requirements.txt 并安装 Python 依赖
COPY requirements.txt ./
RUN pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/

# 复制项目文件
COPY . .

# 设置权限
RUN chown -R appuser:appuser /app

# 使用非root用户运行
USER appuser

# 暴露端口
EXPOSE 5000

# 设置环境变量
ENV FLASK_APP=app.py
ENV PYTHONUNBUFFERED=1

# 启动命令
CMD ["gunicorn", "--bind", "0.0.0.0:5000", "--reuse-port", "main:app"]
